81 lines
1.9 KiB
JavaScript
81 lines
1.9 KiB
JavaScript
import * as sapper from '../__sapper__/server.js'
|
|
const express = require('express')
|
|
const compression = require('compression')
|
|
const serveStatic = require('serve-static')
|
|
const app = express()
|
|
const helmet = require('helmet')
|
|
const uuidv4 = require('uuid/v4')
|
|
|
|
const headScriptChecksum = require('./inline-script/checksum')
|
|
|
|
const { PORT = 4002 } = process.env
|
|
|
|
// this allows us to do e.g. `fetch('/_api/blog')` on the server
|
|
const fetch = require('node-fetch')
|
|
global.fetch = (url, opts) => {
|
|
if (url[0] === '/') {
|
|
url = `http://localhost:${PORT}${url}`
|
|
}
|
|
return fetch(url, opts)
|
|
}
|
|
|
|
const debugPaths = ['/report.html', '/stats.json']
|
|
|
|
const debugOnly = (fn) => (req, res, next) => (
|
|
!~debugPaths.indexOf(req.path) ? next() : fn(req, res, next)
|
|
)
|
|
|
|
const nonDebugOnly = (fn) => (req, res, next) => (
|
|
~debugPaths.indexOf(req.path) ? next() : fn(req, res, next)
|
|
)
|
|
|
|
app.use(compression({ threshold: 0 }))
|
|
|
|
app.use((req, res, next) => {
|
|
res.locals.nonce = uuidv4()
|
|
next()
|
|
})
|
|
|
|
// report.html needs to have CSP disable because it has inline scripts
|
|
app.use(debugOnly(helmet()))
|
|
app.use(nonDebugOnly(helmet({
|
|
contentSecurityPolicy: {
|
|
directives: {
|
|
scriptSrc: [
|
|
`'self'`,
|
|
`'sha256-${headScriptChecksum}'`,
|
|
(req, res) => `'nonce-${res.locals.nonce}'`
|
|
],
|
|
workerSrc: [`'self'`],
|
|
styleSrc: [`'self'`, `'unsafe-inline'`],
|
|
frameSrc: [`'none'`],
|
|
objectSrc: [`'none'`],
|
|
manifestSrc: [`'self'`]
|
|
}
|
|
},
|
|
referrerPolicy: {
|
|
policy: 'no-referrer'
|
|
}
|
|
})))
|
|
|
|
app.use(serveStatic('static', {
|
|
setHeaders: (res) => {
|
|
res.setHeader('Cache-Control', 'public,max-age=600')
|
|
}
|
|
}))
|
|
|
|
debugPaths.forEach(debugPath => {
|
|
app.use(debugPath, express.static(`__sapper__/build/client${debugPath}`))
|
|
})
|
|
|
|
app.use(sapper.middleware())
|
|
|
|
app.listen(PORT, () => {
|
|
console.log(`listening on port ${PORT}`)
|
|
})
|
|
|
|
// Handle SIGINT (source: https://git.io/vhJgF)
|
|
process.on('SIGINT', function () {
|
|
process.exit(0)
|
|
})
|